[Ilugc] Having more administrators...?

From: sridharinfinity@xxxxxxxxx (Sridhar R)

Date: Sun, 14 Mar 2004 23:24:42 -0800 (PST)

--- Suraj <suraj@xxxxxxxxxxx> wrote:

Sridhar R wrote on Sun, Mar 14, 2004 at 10:31:42PM
-0800:
,----
| Is it wise to let more than one person to have
the root password of a
| linux system? If not, is it enough to delegate
responsibilities of
| different adminstration activities by
creating different
| filesystem-groups? Please note that the root
password should (a must)
| be known to our two department staffs at any time.
`----

My suggestion would be to let only two (or even
one) know the root
password and give sudo access to the rest of the
people for their
respective administrative areas. DONT give a sudo
access to bash OR to
run everything just like that. Giving them sudo
access to visudo might
be a good contingency step, provided they know what
they are doing.

Whn there are multiple admins, a changelog would be
a good idea. If I
were you I would force the other admins to write
out a changelog when
they make considerable changes and have this
changelog mailed to all
the admins whenever it changes.

Is there any tool to automate this? Or can I just
edit some conf files so that all root activities are
logged?

What is more important is security. I need to
_trust_ my friends in their activities (but generally
it's difficult to trust even the computer).
But afterall, we did't had any issues regarding
security. What we are expected to do is do proper
maintainence of the system.

So far, none of the users were allowed ssh-to shell
access, bcoz, that would be serious security issue.
The user accounts are used for their mail accounts
which are accessed thourgh HTTP (webclient).

But sometimes, the students has to be given shell
access to the server (may be a subset of them). But I
still can't understand the possible security issues
regarding giving shell to the users (apart of using
infinite resources of course - for that i can use
ulimit)

What happens if one guy replaced the `login` binary
with a patched one, that would log the passwords in
some secret location where the original attacker has
read access(possibly his home directory). This may
happen if one of other careless adminstrator give a
pause without locking the terminal. Or what will
happen if the attacker creates a backdoor. This is
where trust has to be kept on the OTHER adminstrators.